Day 3 (Plone Conference 2008 Notes)

by T. Kim Nguyen — last modified Oct 16, 2008 01:14 PM

— filed under: ploneconf2008

Kim's notes

KSS Techniques

Joel Burton

see slides at http://plonebootcamps.com/resources

KSS: the power of JavaScript and the syntax of CSS
No need to learn JavaScript
Give a dynamic "AJAXy" flavour to your site: lets parts of the page refresh, instead of having to wait for the entire page to be redrawn by the server
zope.refreshViewlet
zope.refreshPortlet
use Firebug (Firefox add-on) and turn on portal_js debugging
to test, type in URL of KSS script directly

Clayton Parker, Six Feet Up

paster create -t plone3_buildout myplone

[buildout]
eggs-directory =  
download-directory =
zope-directory =
index = pypindexurl

recipes are at cheese shop or collective buildout folder
plone.recipe.squid
can use to build any Python stuff: Pylons, Django, etc.
skillet: repo of eggs
Andreas Jung: launchpad.net/pypimirror; mailing list, instructions, run script
plone.recipe.zope2install
fake eggs: useful for testing
use profiles folder with different .cfg files like base.cfg, development.cfg, production.cfg, qa.cfg
set timezone on BSD (FreeBSD: US vs America TZ)
environment-vars = TZ America/New York
instance script works correctly with TZs, not runzope
can give instance console mode similar to fg but without debug mode
development.cfg

parts += ${debugging:parts} omelette
eggs += ${debugging:eggs}
zcml += ${debugging:zcml}

[eggs]
plone.reload Products.Clouseau
Products.PDBDebugMode Products.PrintingMailHost
Products.DocFinderTab

versions.cfg: use to pin versions of packages, include it in production.cfg
set eggs += Products.CacheSetup and z2-log-level = CRITICAL to reduce logging
zodb-cache-size = 15000 (default is 5000)
instance-clone = instance
http-address = 10080
could also use '-=' to remove options
python2.4 bootstrap.py
bin/buildout -v or -Nvvv (non newest) or -No (non-newest and offline mode) or -t 60 (shorten timeout)
bin/instance start
bin/buildout instance:debug-mode = on
bin/buildout partname
paster create -t recipe my.recipe.example
class Recipe: def __init__, def install, def update, def uninstall (see .install.cfg)
see infrae.subversion recipe
Six Feet Up: does hosting; see sixfeetup.com/dw08 for deployment workshop, see collective.recipe.plonesite (starts Zope, runs GenericSetup), plone.recipe.runscript

Lawrence Rhodes

object relational mapping
zope.sqlalchemy supports versioning, workflow, vocabularies, subfolders
collective.tin, collective.lead, z3c.saconfig, collective.mercury (reflection of tables, boilerplate)
binary 'reindex' column (default to 1) lets SQLAlchemy find and use content created/updated by other non-Plone processes; use cron job or clock section in zope.cfg to process these rows periodically)
show example site from a bank client that had complex workflows for creating derivatives; portlet showed current object state and possible transitions, including explanation for each
recommends DCWorkflow: lets an object have multiple workflows

Steve McMahon, Eric Rose

use layered defences
use principle of least privileges
daemon security: monolithic sendmail ("rootmail") vs compartmentalized underprivileged modules in postfix
typical Plone install owns its code (.pyc) and files: BAD IDEA
root should own /parts, *.py*; plone should own /var and /logs
run compileall.py as any user other than plone
or use

[precompile]
recipe = plone.recipe.precompiler

even better: use ZEO: uses worker processes
port security: do not use ports over 1024
do not allow zope or zeo to accept connections except on 127.0.0.1
zope.conf: ip-address 127.0.0.1
zeo.conf: address 127.0.0.1
untrusted local users; use iptables to do local uid filtering
within zope: use web server auth (PAS), redirect to https, add header, user enumerator
require valid-user
rewriterule, requestheader for 443
for 80, unset x.remote_user
PloneLDAP, plone.app.ldap, create users and groups through Plone
write your own PAS: see plone.org or svn.plone.org, paster create -t plone_pas